Cock.li server seized again by German prosecutor, service moves to Romania

The administrator of the cock.li e-mail hosting service told Ars on Friday that a second hard drive had been seized from his Bavarian data center by the district attorney for the City of Zwickau in eastern Germany. As a result, he has now moved the service out of Germany and is in the process of restoring it.

Further Reading

cock.li's Vincent Canfield said that he had initially chosen a German data host because the country has a reputation for "good data privacy laws."

"Of course, though the facts of the case are yet to be seen since no one in Germany is talking to us, I will definitely never host anything in Germany ever again," he told Ars in an encrypted chat.

The same Zwickau authorities previously seized one of cock.li's hard drives in late December 2015. That first seizure came shortly after cock.li was reportedly used to send a bogus bomb threat e-mail from "madbomber@cock.li" to several school districts in the United States, which led to the closure of all schools in the Los Angeles Unified School District (LAUSD). The New York City Department of Education, however, dismissed the e-mail as an obvious hoax. (The LAUSD has refused to provide Ars a copy of this original message under the California Public Records Act, a decision that we have appealed.)

Further Reading

Because the novelty e-mail host was configured as a RAID1 (mirrored) setup, the e-mail service continued operating until Friday. It is unclear why there was a weeks-long delay between the first and second seizure.

Until Friday, cock.li had been hosted on Hetzner.de, a hosting service based in Bavaria—it is also not clear why a prosecutor in an entirely different German state (Saxony) would be involved in this seizure. The Zwickau district attorney’s office did not respond to Ars’ request for comment. As far as Canfield knows, he has not been charged with a crime in Germany or anywhere else. (UPDATE Sunday 9:23am ET: One Ars reader, Johannes, points out that Hetzner does have a datacenter in Falksenstein, Saxony, so Zwickau would be responsible.)

A massive cock-up

Cock.li has since moved to Flokinet.is, an Icelandic-based host with servers in Iceland, Finland, and Romania (where Canfield himself lives). He hopes to restore it to full operation later on Friday or Saturday.

In a video published on Friday (see above) to his users and supporters, Canfield said he’s still baffled as to exactly what is going on.

"My lawyer, Jesselyn Radack, has been in contact with the German prosecution office and I can share with you an update on her office," he said in the video. "She has been trying to get information as to what’s going on but has been tossed between eight—that’s not hyperbole—eight different offices. All of which either have refused to give her information, or pointed her to a different office, or requested the name that was used on the confiscation order, which is unavailable to me or my lawyer, because Hetzner, cock.li’s former host, refused to provide a copy of that confiscation order to me or my lawyer."

In an e-mail that Canfield provided to Ars, a Hetzner representative wrote: "Unfortunately we can not provide any further information about that case, all information you will get from prosecution Zwickau. Please be patient for that." For its part, Hetzner also did not immediately respond to Ars’ request for comment.

For now, the cock.li administrator seems wholly undeterred.

"Rest assured this is not making me waver in my dedication to my cock joke on the Internet," Canfield concluded. "And your resistance only makes my penis harder. That's the fact, and I will do everything that I can as long as I'm free and I'm here, to keep my site online. This has brought me a newfound dedication to my users and to privacy and security which I used to only hold for myself and I now hold with everyone else that entrusts me with their email. It is my hope that my users understand that I am doing everything that I can to make sure cock.li is a safe place to store your dick pics and whatever else you want to host on my email provider as long as it's legal and make sure that this mass invasion of privacy of my users never happens again."

Listing image by Vincent Canfield

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is due out in May 2018 from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar